public void AppendTrailingSlash()
 {
     Assert.AreEqual("/hithere/", VPU.AppendTrailingSlash("/hithere"), "A1");
     Assert.AreEqual("/hithere/", VPU.AppendTrailingSlash("/hithere/"), "A2");
     Assert.AreEqual("/", VPU.AppendTrailingSlash("/"), "A3");
     Assert.AreEqual("", VPU.AppendTrailingSlash(""), "A4");
     Assert.AreEqual(null, VPU.AppendTrailingSlash(null), "A5");
 }
Exemplo n.º 2
0
        public virtual bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }
            if (node == null)
            {
                throw new ArgumentNullException("node");
            }

            if (!SecurityTrimmingEnabled)
            {
                return(true);
            }

            /* The node is accessible (according to msdn2) if:
             *
             * 1. The Roles exists on node and the current user is in at least one of the specified roles.
             *
             * 2. The current thread has an associated WindowsIdentity that has file access to the requested URL and
             * the URL is located within the directory structure for the application.
             *
             * 3. The current user is authorized specifically for the requested URL in the authorization element for
             * the current application and the URL is located within the directory structure for the application.
             */

            /* 1. */
            IList roles = node.Roles;

            if (roles != null && roles.Count > 0)
            {
                foreach (string rolename in roles)
                {
                    if (rolename == "*" || context.User.IsInRole(rolename))
                    {
                        return(true);
                    }
                }
            }

            /* 2. */
            /* XXX */

            /* 3. */
            string url = node.Url;

            if (!String.IsNullOrEmpty(url))
            {
                // TODO check url is located within the current application

                if (VirtualPathUtility.IsAppRelative(url) || !VirtualPathUtility.IsAbsolute(url))
                {
                    url = VirtualPathUtility.Combine(VirtualPathUtility.AppendTrailingSlash(HttpRuntime.AppDomainAppVirtualPath), url);
                }

                AuthorizationSection config = (AuthorizationSection)WebConfigurationManager.GetSection(
                    "system.web/authorization",
                    url);
                if (config != null)
                {
                    return(config.IsValidUser(context.User, context.Request.HttpMethod));
                }
            }

            return(false);
        }
Exemplo n.º 3
0
        void RewritePath(string filePath, string pathInfo, string queryString, bool setClientFilePath)
        {
            if (filePath == null)
            {
                throw new ArgumentNullException("filePath");
            }
            if (!VirtualPathUtility.IsValidVirtualPath(filePath))
            {
                throw new HttpException("'" + HttpUtility.HtmlEncode(filePath) + "' is not a valid virtual path.");
            }

            filePath = VirtualPathUtility.Canonize(filePath);
            bool        pathRelative = VirtualPathUtility.IsAppRelative(filePath);
            bool        pathAbsolute = pathRelative ? false : VirtualPathUtility.IsAbsolute(filePath);
            HttpRequest req          = Request;

            if (req == null)
            {
                return;
            }

            if (pathRelative || pathAbsolute)
            {
                if (pathRelative)
                {
                    filePath = VirtualPathUtility.ToAbsolute(filePath);
                }
                else
                {
                    filePath = filePath;
                }
            }
            else
            {
                filePath = VirtualPathUtility.AppendTrailingSlash(req.BaseVirtualDir) + filePath;
            }

            if (!StrUtils.StartsWith(filePath, HttpRuntime.AppDomainAppVirtualPath))
            {
                throw new HttpException(404, "The virtual path '" + HttpUtility.HtmlEncode(filePath) + "' maps to another application.", filePath);
            }

            req.SetCurrentExePath(filePath);
            req.SetFilePath(filePath);

            if (setClientFilePath)
            {
                req.ClientFilePath = filePath;
            }

            // A null pathInfo or queryString is ignored and previous values remain untouched
            if (pathInfo != null)
            {
                req.SetPathInfo(pathInfo);
            }

            if (queryString != null)
            {
                req.QueryStringRaw = queryString;
            }
        }